]>
Commit | Line | Data |
---|---|---|
1c8cc9e9 | 1 | /* sha3.h |
90112edb NM |
2 | |
3 | The sha3 hash function (aka Keccak). | |
4 | ||
5 | Copyright (C) 2012 Niels Möller | |
6 | ||
7 | This file is part of GNU Nettle. | |
8 | ||
9 | GNU Nettle is free software: you can redistribute it and/or | |
10 | modify it under the terms of either: | |
11 | ||
12 | * the GNU Lesser General Public License as published by the Free | |
13 | Software Foundation; either version 3 of the License, or (at your | |
14 | option) any later version. | |
15 | ||
16 | or | |
17 | ||
18 | * the GNU General Public License as published by the Free | |
19 | Software Foundation; either version 2 of the License, or (at your | |
20 | option) any later version. | |
21 | ||
22 | or both in parallel, as here. | |
23 | ||
24 | GNU Nettle is distributed in the hope that it will be useful, | |
25 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
26 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
27 | General Public License for more details. | |
28 | ||
29 | You should have received copies of the GNU General Public License and | |
30 | the GNU Lesser General Public License along with this program. If | |
31 | not, see http://www.gnu.org/licenses/. | |
32 | */ | |
1c8cc9e9 NM |
33 | |
34 | #ifndef NETTLE_SHA3_H_INCLUDED | |
35 | #define NETTLE_SHA3_H_INCLUDED | |
36 | ||
37 | #include "nettle-types.h" | |
38 | ||
39 | #ifdef __cplusplus | |
40 | extern "C" { | |
41 | #endif | |
42 | ||
833d7496 | 43 | /* Name mangling */ |
1c8cc9e9 | 44 | #define sha3_permute nettle_sha3_permute |
3271b8fa DU |
45 | #define sha3_128_init nettle_sha3_128_init |
46 | #define sha3_128_update nettle_sha3_128_update | |
47 | #define sha3_128_shake nettle_sha3_128_shake | |
48 | #define sha3_128_shake_output nettle_sha3_128_shake_output | |
9cf94512 NM |
49 | #define sha3_224_init nettle_sha3_224_init |
50 | #define sha3_224_update nettle_sha3_224_update | |
51 | #define sha3_224_digest nettle_sha3_224_digest | |
1c8cc9e9 NM |
52 | #define sha3_256_init nettle_sha3_256_init |
53 | #define sha3_256_update nettle_sha3_256_update | |
54 | #define sha3_256_digest nettle_sha3_256_digest | |
64a6def6 | 55 | #define sha3_256_shake nettle_sha3_256_shake |
dd9e7cb1 | 56 | #define sha3_256_shake_output nettle_sha3_256_shake_output |
9cf94512 NM |
57 | #define sha3_384_init nettle_sha3_384_init |
58 | #define sha3_384_update nettle_sha3_384_update | |
59 | #define sha3_384_digest nettle_sha3_384_digest | |
60 | #define sha3_512_init nettle_sha3_512_init | |
61 | #define sha3_512_update nettle_sha3_512_update | |
62 | #define sha3_512_digest nettle_sha3_512_digest | |
1c8cc9e9 | 63 | |
833d7496 NM |
64 | /* Indicates that SHA3 is the NIST FIPS 202 version. */ |
65 | #define NETTLE_SHA3_FIPS202 1 | |
66 | ||
1c8cc9e9 NM |
67 | /* The sha3 state is a 5x5 matrix of 64-bit words. In the notation of |
68 | Keccak description, S[x,y] is element x + 5*y, so if x is | |
69 | interpreted as the row index and y the column index, it is stored | |
70 | in column-major order. */ | |
71 | #define SHA3_STATE_LENGTH 25 | |
72 | ||
73 | /* The "width" is 1600 bits or 200 octets */ | |
74 | struct sha3_state | |
75 | { | |
76 | uint64_t a[SHA3_STATE_LENGTH]; | |
77 | }; | |
78 | ||
79 | void | |
80 | sha3_permute (struct sha3_state *state); | |
81 | ||
1c8cc9e9 NM |
82 | /* The "capacity" is set to 2*(digest size), 512 bits or 64 octets. |
83 | The "rate" is the width - capacity, or width - 2 * (digest | |
84 | size). */ | |
85 | ||
3271b8fa DU |
86 | #define SHA3_128_DIGEST_SIZE 16 |
87 | #define SHA3_128_BLOCK_SIZE 168 | |
88 | ||
1c8cc9e9 | 89 | #define SHA3_224_DIGEST_SIZE 28 |
d22bac82 | 90 | #define SHA3_224_BLOCK_SIZE 144 |
1c8cc9e9 NM |
91 | |
92 | #define SHA3_256_DIGEST_SIZE 32 | |
d22bac82 | 93 | #define SHA3_256_BLOCK_SIZE 136 |
1c8cc9e9 NM |
94 | |
95 | #define SHA3_384_DIGEST_SIZE 48 | |
d22bac82 | 96 | #define SHA3_384_BLOCK_SIZE 104 |
1c8cc9e9 NM |
97 | |
98 | #define SHA3_512_DIGEST_SIZE 64 | |
d22bac82 | 99 | #define SHA3_512_BLOCK_SIZE 72 |
1c8cc9e9 | 100 | |
d22bac82 NM |
101 | /* For backwards compatibility */ |
102 | #define SHA3_224_DATA_SIZE SHA3_224_BLOCK_SIZE | |
103 | #define SHA3_256_DATA_SIZE SHA3_256_BLOCK_SIZE | |
104 | #define SHA3_384_DATA_SIZE SHA3_384_BLOCK_SIZE | |
105 | #define SHA3_512_DATA_SIZE SHA3_512_BLOCK_SIZE | |
1c8cc9e9 | 106 | |
3271b8fa DU |
107 | struct sha3_128_ctx |
108 | { | |
109 | struct sha3_state state; | |
110 | unsigned index; | |
111 | uint8_t block[SHA3_128_BLOCK_SIZE]; | |
112 | }; | |
113 | ||
114 | void | |
115 | sha3_128_init (struct sha3_128_ctx *ctx); | |
116 | ||
117 | void | |
118 | sha3_128_update (struct sha3_128_ctx *ctx, | |
119 | size_t length, | |
120 | const uint8_t *data); | |
121 | ||
122 | void | |
123 | sha3_128_shake (struct sha3_128_ctx *ctx, | |
124 | size_t length, | |
125 | uint8_t *digest); | |
126 | ||
127 | void | |
128 | sha3_128_shake_output (struct sha3_128_ctx *ctx, | |
129 | size_t length, | |
130 | uint8_t *digest); | |
131 | ||
1c8cc9e9 NM |
132 | struct sha3_224_ctx |
133 | { | |
134 | struct sha3_state state; | |
135 | unsigned index; | |
d22bac82 | 136 | uint8_t block[SHA3_224_BLOCK_SIZE]; |
1c8cc9e9 NM |
137 | }; |
138 | ||
9cf94512 NM |
139 | void |
140 | sha3_224_init (struct sha3_224_ctx *ctx); | |
141 | ||
142 | void | |
143 | sha3_224_update (struct sha3_224_ctx *ctx, | |
b8bfc32f | 144 | size_t length, |
9cf94512 NM |
145 | const uint8_t *data); |
146 | ||
147 | void | |
148 | sha3_224_digest(struct sha3_224_ctx *ctx, | |
b8bfc32f | 149 | size_t length, |
9cf94512 NM |
150 | uint8_t *digest); |
151 | ||
1c8cc9e9 NM |
152 | struct sha3_256_ctx |
153 | { | |
154 | struct sha3_state state; | |
155 | unsigned index; | |
d22bac82 | 156 | uint8_t block[SHA3_256_BLOCK_SIZE]; |
1c8cc9e9 NM |
157 | }; |
158 | ||
159 | void | |
160 | sha3_256_init (struct sha3_256_ctx *ctx); | |
161 | ||
162 | void | |
163 | sha3_256_update (struct sha3_256_ctx *ctx, | |
b8bfc32f | 164 | size_t length, |
1c8cc9e9 NM |
165 | const uint8_t *data); |
166 | ||
167 | void | |
168 | sha3_256_digest(struct sha3_256_ctx *ctx, | |
b8bfc32f | 169 | size_t length, |
1c8cc9e9 NM |
170 | uint8_t *digest); |
171 | ||
64a6def6 NM |
172 | /* Alternative digest function implementing shake256, with arbitrary |
173 | digest size */ | |
174 | void | |
175 | sha3_256_shake(struct sha3_256_ctx *ctx, | |
176 | size_t length, | |
177 | uint8_t *digest); | |
178 | ||
dd9e7cb1 DU |
179 | /* Unlike sha3_256_shake, this function can be called multiple times |
180 | to retrieve output from shake256 in an incremental manner */ | |
181 | void | |
182 | sha3_256_shake_output(struct sha3_256_ctx *ctx, | |
183 | size_t length, | |
184 | uint8_t *digest); | |
185 | ||
1c8cc9e9 NM |
186 | struct sha3_384_ctx |
187 | { | |
188 | struct sha3_state state; | |
189 | unsigned index; | |
d22bac82 | 190 | uint8_t block[SHA3_384_BLOCK_SIZE]; |
1c8cc9e9 NM |
191 | }; |
192 | ||
9cf94512 NM |
193 | void |
194 | sha3_384_init (struct sha3_384_ctx *ctx); | |
195 | ||
196 | void | |
197 | sha3_384_update (struct sha3_384_ctx *ctx, | |
b8bfc32f | 198 | size_t length, |
9cf94512 NM |
199 | const uint8_t *data); |
200 | ||
201 | void | |
202 | sha3_384_digest(struct sha3_384_ctx *ctx, | |
b8bfc32f | 203 | size_t length, |
9cf94512 NM |
204 | uint8_t *digest); |
205 | ||
1c8cc9e9 NM |
206 | struct sha3_512_ctx |
207 | { | |
208 | struct sha3_state state; | |
209 | unsigned index; | |
d22bac82 | 210 | uint8_t block[SHA3_512_BLOCK_SIZE]; |
1c8cc9e9 NM |
211 | }; |
212 | ||
9cf94512 NM |
213 | void |
214 | sha3_512_init (struct sha3_512_ctx *ctx); | |
215 | ||
216 | void | |
217 | sha3_512_update (struct sha3_512_ctx *ctx, | |
b8bfc32f | 218 | size_t length, |
9cf94512 NM |
219 | const uint8_t *data); |
220 | ||
221 | void | |
222 | sha3_512_digest(struct sha3_512_ctx *ctx, | |
b8bfc32f | 223 | size_t length, |
9cf94512 NM |
224 | uint8_t *digest); |
225 | ||
1c8cc9e9 NM |
226 | #ifdef __cplusplus |
227 | } | |
228 | #endif | |
229 | ||
230 | #endif /* NETTLE_SHA3_H_INCLUDED */ |